HIPAA-compliantby physics, not promises.
We never store your client's information. Your data goes in, the worksheet comes out, and everything is immediately discarded. We can't leak what we don't have.
How it works: Reframe Practice uses a zero-retention architecture. Your client description travels directly from your browser to Google Vertex AI (under BAA), is processed entirely in memory without disk storage, and the generated worksheet returns to your browser where it is stored locally using IndexedDB. At no point does protected health information touch Reframe's servers or databases.
Reframe Practice is a tool for licensed therapists, not a therapy clinic or counseling service.
How your data moves (and doesn't stay)
Why "nothing leaves the room" matters
Most AI tools store your data. They promise to protect it with encryption, access controls, and security policies. Those are good things, but they're still promises.
We took a different approach: we don't store client information at all. Your client description goes in, the worksheet comes out, and the data is immediately discarded.
No database of client information. No breach risk. No subpoena vulnerability.
Think of client data like a sandcastle. Most services build elaborate vaults to protect their sandcastles. We let the tide wash ours away as soon as the worksheet is generated.
You can't steal a sandcastle that doesn't exist.
What this means for you
No data breach risk
If our servers were compromised tomorrow, there would be no client information to steal. It simply isn't there.
No subpoena vulnerability
We can't be compelled to produce client records we don't have. Your therapeutic relationship stays protected.
No third-party access
We can't share, sell, or accidentally expose client data to anyone. Not partners, not advertisers, not anyone.
HIPAA by architecture
Most services are HIPAA-compliant by policy. We're HIPAA-compliant by physics. The data isn't there to protect.
How we compare
Not sure if your current AI tools are HIPAA-compliant?
Use our free HIPAA Checker tool →What we do collect
To be completely transparent, here's what we do store:
- Your email address (for account access)
- Your therapist profile (name, credentials, practice info)
- Usage analytics (which features you use, not what you type)
- Feedback you explicitly choose to submit
We never store: client descriptions, generated worksheets, session notes, or any protected health information.
For those who want the details
TLS 1.3 for all connections
All AI processing happens in memory, never written to disk
Worksheets render in your browser, not on our servers
PDF generation happens locally on your device
We cannot access or recover your locally-saved worksheets
Security FAQ
Is this really HIPAA-compliant?
Yes. We use Google Cloud Vertex AI with a signed BAA. Our architecture exceeds HIPAA requirements by eliminating data retention entirely.
What if I need to recover a worksheet?
You can't recover from our side because we never had it. Save your worksheets locally or use our browser-based library feature.
Do you train your AI on my content?
No. We use Google Vertex AI under a BAA that explicitly prohibits model training on PHI. Your content is processed and immediately discarded.
What happens if Google gets breached?
Our content never persists on Google's infrastructure. After processing, there's nothing to breach, no logs to expose.
Can I use this with actual client PHI?
Yes. That's the entire point. We built this so you can safely include real clinical context without privacy anxiety.
Ready to try privacy by design?
Describe your clients freely. We can't leak what we don't store.
Generate Your First WorksheetNothing Leaves the Room * HIPAA Compliant * Built by a Therapist